freeradius using pam_oath doesn't return otp challenge

Martin Kraus lists_mk at wujiman.net
Mon Jun 17 10:32:07 CEST 2013


On Sun, Jun 16, 2013 at 01:15:06PM -0400, Alan DeKok wrote:
> Martin Kraus wrote:
> > Yes I did that before posting. However the only thing that would allow
> > something like a standard password plus otp is using google authenticator with
> > the forward password option through rlm_pam again. I was looking for other
> > options just to look at it from different angle that might perhaps turn out
> > better. 
> 
>   Using PAM is the wrong approach.  PAM is an abstraction layer around
> back-end authentication systems.  FreeRADIUS can connect directly to all
> authentication systems.  So using PAM is redundant, and often just adds
> problems.

Ok. However I still don't see how I would go about setting it up. I thought I can
call only a single authentication module in freeradius. When one succeeds the
authentication section terminates.
Also the only support for oath in freeradius are the oath toolkit and google authenticator
PAM modules.

could you please point me in the right direction?
thanks
martin


More information about the Freeradius-Users mailing list